lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YMdqnDMgHSYtt3c2@cmpxchg.org>
Date:   Mon, 14 Jun 2021 10:41:32 -0400
From:   Johannes Weiner <hannes@...xchg.org>
To:     Suren Baghdasaryan <surenb@...gle.com>
Cc:     Peter Zijlstra <peterz@...radead.org>,
        Jared Pochtar <jpochtar@...com>,
        LKML <linux-kernel@...r.kernel.org>, kernel-team@...com
Subject: Re: [PATCH] psi: fix sampling artifact from pressure file read
 frequency

On Thu, Jun 10, 2021 at 10:33:15AM -0700, Suren Baghdasaryan wrote:
> On Thu, Jun 10, 2021 at 6:58 AM Johannes Weiner <hannes@...xchg.org> wrote:
> >
> > On Wed, Jun 09, 2021 at 08:32:51PM -0700, Suren Baghdasaryan wrote:
> > > On Tue, Jun 8, 2021 at 12:03 PM Johannes Weiner <hannes@...xchg.org> wrote:
> > > >
> > > > Currently, every time a psi pressure file is read, the per-cpu states
> > > > are collected and aggregated according to the CPU's non-idle time
> > > > weight. This dynamically changes the sampling period, which means read
> > > > frequency can introduce variance into the observed results. This is
> > > > somewhat unexpected for users and can be confusing, when e.g. two
> > > > nested cgroups with the same workload report different pressure levels
> > > > just because they have different consumers reading the pressure files.
> > > >
> > > > Consider the following two CPU timelines:
> > > >
> > > >         CPU0: [ STALL ] [ SLEEP ]
> > > >         CPU1: [  RUN  ] [  RUN  ]
> > > >
> > > > If we sample and aggregate once for the whole period, we get the
> > > > following total stall time for CPU0:
> > > >
> > > >         CPU0 = stall(1) + nonidle(1) / nonidle_total(3) = 0.3
> > > >
> > > > But if we sample twice, the total for the period is higher:
> > > >
> > > >         CPU0 = stall(1) + nonidle(1) / nonidle_total(2) = 0.5
> > > >         CPU0 = stall(0) + nonidle(0) / nonidle_total(1) = 0
> > > >                                                           ---
> > > >                                                           0.5
> 
> Could you please clarify that above you are calculating the
> nonidle/nonidle_total ratio? I understood your description in the text
> but these calculations seem to claim that:
> 
> 1+1/3=0.3
> 1+1/2=0.5
> 0+0/1=0
> 
> Clarification would be helpful IMHO.

Oof, my bad, that's a plain typo. The + should be *:

stall(1) * nonidle(1)/nonidle_total(3) = 0.3

vs

stall(1) * nonidle(1)/nonidle_total(2) = 0.5
stall(0) * nonidle(0)/nonidle_total(1) = 0.0

> Also IIUC the state contributions are:
> STALL == stall(1) + nonidle(1)
> SLEEP == stall(0) + nonidle(0)
> RUN == nonidle(1)
> Is that correct?

Correct. And nonidle_total is from STALL + RUN + RUN.

> > > > Neither answer is inherently wrong: if the user asks for pressure
> > > > after half the period, we can't know yet that the CPU will go to sleep
> > > > right after and its weight would be lower over the combined period.
> > > >
> > > > We could normalize the weight averaging to a fixed window regardless
> > > > of how often stall times themselves are sampled. But that would make
> > > > reporting less adaptive to sudden changes when the user intentionally
> > > > uses poll() with short intervals in order to get a higher resolution.
> > > >
> > > > For now, simply limit sampling of the pressure file contents to the
> > > > fixed two-second period already used by the aggregation worker.
> > >
> > > Hmm. This is tricky.
> >
> > Yes ;)
> >
> > > So, userspace-visible effect of this change is that totals will not
> > > update when the psi file is read unless the psi_period expires.
> >
> > That's a visible side effect, but yeah, correct.
> >
> > > We used to postpone updating only the averages and now the totals
> > > will follow suit. Not sure if presenting stale data is better than
> > > having this dependency on timing of the read. As you noted, the
> > > value we get is not inherently wrong. But one could argue both ways
> > > I guess... Having this "quantum" effect when the act of observation
> > > changes the state of the object is indeed weird, to say the least.
> >
> > Yes. Especially *because* we don't update the averages more than once
> > per 2s window. It gives the impression they would follow steady
> > sampling, but they're calculated based on total= which is aggregated
> > on every read.
> >
> > Tying the total= updates to the same fixed window presents slightly
> > less current data, but results in more obvious and intuitive behavior.
> >
> > For more current data there is always poll() - which is a better idea
> > than busy-reading the pressure files for a sub-2s resolution...
> 
> True, however triggers are rate-limited to one per tracking window
> (0.5s min), so they have their own limitations.

Right, but if somebody needed *higher* resolution than this, wouldn't
it make more sense to lift the restrictions on poll() rather than read
the pressure file several times per second?

> > > In the paragraph above you say "For now". Do you have an idea that
> > > could solve the issue with totals being stale while removing this
> > > dependency on the timing of reads?
> >
> > Yeah, it's hinted at in the paragraph before that.
> >
> > What we could do is decouple the CPU weight sampling from the stall
> > time sampling, and use a fixed-window average for the nonidle /
> > nonidle_total ratio when aggregating. This way, no matter how
> > frequently you read the stall times, you get the same results.
> >
> > However, because the update frequency absent any reads is 2s, that
> > would be the window size we'd have to use. So while we could present
> > updated total= on every read, they would still be aggregated based on
> > a relatively stale CPU load distribution.
> >
> > They wouldn't be as current as they might seem - and as current as the
> > user would assume them to be if they read the file frequently and got
> > new totals every time. This is even more subtle than the status quo.
> >
> > IMO the cleanest interface is simply to be honest and consistent about
> > the pressure files following a fixed 2s aggregation frequency, and
> > refer people who need a higher resolution to poll().
> 
> I would agree, however 2s interval when (memory) pressure rises fast
> is an eternity. The device can get into OOM state much faster than
> that. I'm worried that this limitation might render totals useless.

> The change does not pose issues for Android today because we rely on
> poll() and then we read other stats. However in the ideal world we
> would use only psi and after receiving the initial trigger we would
> start reading psi periodically to detect any further spikes. This
> would require totals to be up-to-date.

I might be missing something, but why manually read the pressure files
at a high frequency when you get the event? Wouldn't it be possible to
keep listening for further trigger events from poll() in that case?

Does it all come down to the 500ms window restriction?

You're right that this change would make it impossible to use total=
in the pressure files for manual high-frequency sampling, my question
is whether that does something that poll() can not, even in theory.

> These are my thoughts about long-term possible uses but I don't object
> to this change as a short-term solution. Hopefully nobody uses totals
> this way today, otherwise they are up for an unpleasant surprise.

Yeah I think that's a valid concern. We shouldn't break such usecases
if they exist. And it would break them in a non-obvious way. So let's
table this version of the patch for now.

Another option could be to use a separate aggregator state for avg=
and total=, such that total= updates stay adaptive to the read
frequency, but the canned avg= would at least behave more predictably
for less sophisticated usecases.

The implication would be that manual averaging of total= at sampling
intervals other than 2s would no longer match up to avg=. But it's
harder to imagine anybody would rely on that.

What do you think?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ